Configuration management and security patch management are not new concepts. Processes and technologies that help provide a level of predictability and consistency toward ensuring servers remain updated and compliant have been in existence for more than a decade.
The configuration management program of today evolved from a program that initially used Microsoft Systems Management Server (SMS) to address only security patch management. When System Center Configuration Manager released, the product is used as a discovery mechanism for asset inventory information as well as security patch management.
Asset inventory has become a data source that server and application administrators use as a rapid auditing tool. Now internal customers can come an organization with specific inventory information requests about servers in the data center. The centralized data, stored in a Configuration Management Database (CMDB), is available to business groups so that they can build business logic behind it.
Software distribution alongside security patching is added. MSIT operations use the processes and resources of the security-patching infrastructure to install updates alongside security patches within the framework of scheduled maintenance windows. As software distribution grows, further automation is being driven into the existing asset inventory, and organization is building up the newly available Desired Configuration Management program, which provides desired configuration management services to service and application owners in the organization.
From the perspective of managing security patches, not much has changed from the core activities of earlier efforts. The number of servers for which organization manages the configuration continually grows. The integration and enhancement of the features available in Configuration Manager can help organization keep up with the ever-increasing number of threats and the volume of security patches now regularly released.Best regards.
Content will be erased after question is completed.